Blueprint: Build the Best in Cyber Defense

SANS Institute
Jan 5, 2026 • 1h 37min

Infiltration Alert! How to Catch Fake IT Employees in Your Network with Zak Stufflebeam

This episode is a big one! We kick off 2026 with critical lessons learned on how to detect and prevent the threat of fake IT workers infiltrating your organization, told through the story of a REAL compromise. In this episode, repeat guest Zak Stufflebeam shares a detailed case study involving a major investigation of multiple counterfeit IT employees within a company. The episode provides valuable insights and actionable detection tactics, covering everything from unusual VPN activity and AI-generated resumes to suspicious interview responses and unauthorized access requests. With the rise of remote work, this episode is essential listening for cyber defenders aiming to ensure their networks are clean and defensible in the new year.

Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
- LDR551: Building and Leading Security Operations Centers

Follow and Connect with John: LinkedIn
Aug 19, 2025 • 1h 6min

Leading by Example: Confidence and Responsibility in Cybersecurity with Zak Stufflebeam

Zak Stufflebeam, a Director of Cybersecurity with a military background, discusses his captivating journey from military training to leading cybersecurity teams. He highlights key leadership lessons, emphasizing the importance of confidence and adaptability. Zak shares insights on overcoming imposter syndrome and fostering team trust, drawing parallels between military and corporate environments. He also offers essential advice for aspiring SOC analysts and underscores the significance of perseverance and maintaining focus under pressure for success in high-stakes situations.
Jun 27, 2025 • 52min

From the SANS Cyber Leaders Podcast: Fighting Back with John Hubbard

In a deep dive into cybersecurity, James Lyne from SANS, who specializes in tracking down cyber criminals, and Ciaran Martin, a former government official who set up the UK's National Cyber Security Centre, share invaluable insights. They discuss the ever-evolving threat landscape and the importance of proactive defense strategies. Topics include the role of Security Operations Centers, the interplay between blue teams and penetration testing, and the significance of user training against phishing attacks. Their energetic exchange balances critical knowledge with a touch of humor.
Jun 12, 2025 • 1h 7min

Redefining Security Operations: Lessons in AI Integration with James Spiteri

James Spiteri, who leads product initiatives at Elastic for AI and machine learning in security, shares insights on how AI is transforming Security Operations Centers. He discusses the rise of agentic automation, which creates independent workflows while maintaining human oversight. Spiteri highlights the Model Context Protocol and its integration with large language models, addressing both the benefits and potential risks, such as AI 'hallucinations'. The conversation emphasizes the balance needed between automation and human engagement for effective cybersecurity.
Apr 9, 2025 • 47min

From Special Forces to Cybersecurity: Rich Greene on Communication and Persuasion in Infosec

In this episode, we sit down with Rich Greene, a former United States Army Special Forces Green Beret and current SANS instructor for SEC275 and SEC301. Rich shares his incredible journey spanning 20 years in the Army, including his transition from military communication roles into the realm of cybersecurity. He talks about the importance of fundamentals in cybersecurity, the power of effective communication and persuasion, and dispels common misconceptions about entering the cyber field. Rich also highlights his passion for teaching and how his military background has shaped his approach to instruction and information security. Tune in for invaluable advice that applies to anyone, no matter your role!
Feb 18, 2025 • 1h 3min

SOC Dashboards Done Right with Ryan Thompson

In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats—not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into the science behind effective dashboards and how security teams can cut through the noise to find the threats on your network.

We cover:
- Why most SOC dashboards fail to deliver real insights—and how to fix them.
- The right way to structure dashboards for SIEM, EDR, and threat hunting.
- How to visualize security data effectively to make detection faster.
- The balance between automation, alerts, and analyst intuition.

If you’re a SOC analyst, detection engineer, or security leader looking to elevate your dashboard game and sharpen your cyber threat detection skills, this is an episode you won’t want to miss!
Jan 1, 2025 • 30min

Success Simplified - The 3 Step Process for Hitting Your Career Goals in 2025 with John Hubbard

Kickstart your New Year with a personal system for productivity that can help align your life with your goals for 2025. Discover a three-step approach to achieve career aspirations by breaking down objectives and prioritizing tasks. Learn to draw insights from successful individuals to stay motivated and overcome hurdles. Small, achievable steps can make a big difference, and a 'done list' can help you celebrate progress while aligning daily tasks with long-term dreams. Embrace a healthier approach to productivity!
Dec 2, 2024 • 54min

How Phishing Resistant Credentials Work with Mark Morowczynski and Tarek Dawoud

Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing resistant credentials that YOU can implement right now!

This conversation covers:
- What makes MFA phishable?
- What phishing resistant credentials are and how they work
- The history and modern methods for phishing resistant credentials
- What attacks will be used once we move to phishing resistant credentials, and how to prevent and detect them
- How verified digital identities and corporate identification can help further reduce the risk of help desk based attacks
- Shifting the culture to adopt a passwordless login
- Key logs to detect identity attacks
- Resources for learning KQL

Episode Links:
- Tarek Explains Phishing Resistant Authentication: https://www.youtube.com/watch?v=3wtwUh6iyxY
- Microsoft Digital Defense Report: https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
- Nuance: https://www.nuance.com/index.html
- Book - The Definitive Guide to KQL: https://www.microsoftpressstore.com/store/definitive-guide-to-kql-using-kusto-query-language-9780138293383
- KQL Github Repo: github.com/kqlmspress
- Kusto Detective Agency: https://detective.kusto.io/
Oct 9, 2024 • 1h 35min

How GenAI is Changing Your SOC for the Better with Seth Misenar

In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations, we cover some very interesting questions such as:
- The importance of natural language processing in Sec Ops
- How AI is helping us detect phishing email
- Where and how AI is lowering the bar for entry-level security SOC roles
- Should we worry about AI hallucinations or AI taking our jobs?
- What is a reasoning model and how is it different than what we've seen so far?
- The future of AI - Multimodal interaction, Larger Context Windows, RAG, and more
- What is Agentic AI and why will it change the game?

Episode Links:
- The book from Manning Seth liked as a thoughtful, accessible on-ramp: https://www.manning.com/books/introduction-to-generative-ai
- Coursera prompt engineering course series: https://coursera.org/specializations/prompt-engineering
- Gandalf Online Prompt Injection Challenges from Lakera (FYI Seth finds a lot of Lakera’s content to be really high-quality and useful): https://gandalf.lakera.ai/baseline
- “Nonsense on stilts” reference from Gary Marcus in response to the Google employee claiming LaMDA was sentient: https://garymarcus.substack.com/p/nonsense-on-stilts?utm_source=twitter&sd=pf
- AI as a monster with a smiley face image: https://knowyourmeme.com/memes/shoggoth-with-smiley-face-artificial-intelligence
- Ethan Mollick is the Wharton professor Seth mentioned; Seth says his “One Useful Thing” Substack is a valuable and thought-provoking source: https://www.oneusefulthing.org/. His book, Co-Intelligence: Living and Working with AI, would also be worth checking out: https://www.penguinrandomhouse.com/book
Oct 9, 2024 • 36min

From Clues to Containment - Unraveling A Gift Card Fraud Scheme with Mark Jeanmougin

In this episode, we take you behind the scenes of a complex gift card fraud investigation. Join host John Hubbard and guest Mark Jeanmougin as they explore the intricate details of uncovering and combating a clever case of cyber fraud. Mark discusses how the incident was identified, investigated, and contained, and what lessons were learned along the way.

Episode Links:
- Mark's LinkedIn Profile: https://www.linkedin.com/in/markjx/
- Mark's Teaching Schedule: https://www.sans.org/profiles/mark-jeanmougin/
